[Bug 228621] Certificate validation error in ntpd leap file / ietf.org chain

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu May 31 19:41:58 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228621

--- Comment #1 from Jeff Schmidt <jas at jschmidt.org> ---
I believe this is a result of no CA root store being installed by default. 
Which I'm sure was a hotly debated topic and has been decided upon for noble
reasons.

However, that decision causes ntpd, which *is* installed by default, to not
grab the leap file because ietf.org is https.

The easy fix is to change the script to:
fetch --no-verify-peer https://www.ietf.org/timezones/data/leap-seconds.list

Not the most elegant, but the only option if root certs will not be available
for a default package.

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-bugs mailing list